Premium Members Only Video - Exclusive expert insight on PATCO fraud case
When a business banking account is breached, who is liable - the customer whose credentials were stolen, or the bank that failed to catch the transaction? Fraud experts debate the question and review recent cases.
At the heart of each of these disputes is the fundamental question: Who should be held liable for the losses? Is it the customer who fell victim to the fraudsters? The banking institution that failed to prevent the anomalous transactions? Or even the third-party service provider responsible for the bank's anti-fraud controls?
Among the topics they discuss:
An overview of the PATCO Construction fraud case;
Recent court decisions re: online banking fraud;
Anti-fraud technologies to help detect and prevent fraud;
How organizations can avoid being he victims of costly litigation.
In 2009, PATCO Construction, a family-owned firm, made national news when it revealed that fraudsters had drained more than $580,000 in a series of bogus transactions from the company's commercial account with the former Ocean Bank.
PATCO sued the bank, arguing that the institution did not comply with existing regulatory requirements for multifactor authentication.
In May 2011, a U.S. District Court ruled in favor of the bank. But a federal appeals court disagreed. In July of 2012, the First Circuit Court of Appeals called Ocean Bank's security procedures "commercially unreasonable," reversing the lower court's ruling and further recommending that the two parties pursue an out-of-court settlement.
PATCO is but one of scores of U.S. businesses victimized since this surge of account takeover fraud began in 2009. And this case is but one of several high-profile lawsuits pitting banking institutions against their customers. Other recent cases include Calif.-based Village View Escrow Inc., which reached an out-of-court settlement with Professional Business Bank over a dispute involving nearly $400,000 in fraud losses. And Mississippi-based BancorpSouth filed a counterclaim against Choice Escrow and Land Title LLC of Missouri, saying the customer is solely responsible for $440,000 in losses after fraudsters compromised Choice's username and password.
In this panel discussion, Tracy Kitten, Managing Editor of BankInfoSecurity, will explore this liability question with a broad range of industry experts. Panelists include Joseph Burton, an attorney who specializes in cybercrime litigation, with a particular eye on account takeover cases; Bill Nelson, President and CEO of FS-ISAC, the banking industry group that has worked tirelessly to promote enhanced detection and prevention of account takeover; Dan Mitchell, attorney for PATCO Construction, the noted fraud victim that sued its bank and won on appeal; and George Tubin, longtime banking and fraud expert who currently serves as senior security strategist for security vendor Trusteer.
At the law firm Duane Morris, Burton focuses on information security and cyberfraud issues as well as civil, criminal and appellate litigation. He advises and represents individuals and corporations regarding their rights and responsibilities in maintaining the security of digital information. His practice includes trade secret, trademark and patent litigation, with an emphasis on cybercrime and cybersecurity. Burton is a former assistant U.S. attorney who handled several pioneering high technology investigations and prosecutions, including the first prosecution in the nation for criminal copyright infringement of computer code.
Mitchell is affiliated with Maine-based Bernstein Shur, where he works in litigation and business law. He also is a member of the firm's data security team, where his work in the PATCO case is noted for breaking new ground in the ways courts should evaluate commercial reasonableness for Internet banking. Mitchell is recognized by Chambers USA for commercial litigation and is listed in Best Lawyers in America.
FS-ISAC is a non-profit association dedicated to protecting financial services firms from physical and cyberattacks. Prior to this role, Nelson in 2009 was elected vice chairman of the ISAC Council, a group dedicated to sharing critical infrastructure information with the government and across the key sectors. From 1988 to 2006, he served as executive vice president of NACHA - The Electronic Payments Association. While at NACHA, Nelson oversaw the development of the ACH network into one of the largest electronic-payment systems in the world, processing nearly 14 billion payments in 2005.
Tubin is Director of Marketing at Transmit Security and a recognized expert in digital banking and payments security and cyber-fraud prevention. He was previously Vice President of Marketing at Socure and Senior Research Director with the leading financial services research firm CEB TowerGroup (acquired by Gartner, Inc.) where he delivered thought leadership and insights to leading financial services institutions, technology providers, and consultancies on business strategies, technologies, and market trends in retail, Internet and mobile banking, and fraud management.